Description

The Spring Expression Language (SpEL) provides a powerful expression language for querying and manipulating an object graph at runtime.

The Spring Boot framework improperly handled exceptions when preparing Whitelabel Error pages and user-controlled exception messages were evaluated as SpEL expressions allowing an attacker to execute arbitrary code.

Remediation

Upgrade to the latest version of Spring Boot.
Spring Boot versions 1.2.8 and 1.3.1 have been released to fix this vulnerability.

References

Spring Boot RCE

YAHOO! RCE VIA SPRING ENGINE SSTI

whitelabel error page vulnerability

Spring Boot 1.3.1 and 1.2.8 available now

Related Vulnerabilities

Multiple critical vulnerabilities in Apache Struts2

Check for apache versions up to 1.3.25, 2.0.38

PHP version older than 5.2.6

Drupal 7 arbitrary PHP code execution and information disclosure

WordPress Plugin PHP Everywhere Multiple Remote Code Execution Vulnerabilities (2.0.3)

Severity

High

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Error Handling Server Side Template Injection